@ackplus/nest-auth 1.1.24 → 1.1.25

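--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@ackplus/nest-auth",
- "version": "1.1.24",
+ "version": "1.1.25",
  "type": "commonjs",
  "main": "./src/index.js",
  "types": "./src/index.d.ts",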
@@ -1 +1 @@
1
- {"version":3,"file":"google-auth.provider.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/core/providers/google-auth.provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAGxD,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAIrC,qBACa,kBAAmB,SAAQ,gBAAgB;IAMhD,QAAQ,CAAC,UAAU,EAAE,UAAU;IALnC,YAAY,SAAwB;IACpC,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,YAAY,CAA8B;gBAGrC,UAAU,EAAE,UAAU;IAenC;;;;;;OAMG;IACG,QAAQ,CAAC,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,IAAI,GAAG,QAAQ,CAAA;KAAE;;;;;;;;;IA+DpE,iBAAiB,IAAI,MAAM,EAAE;CAGhC"}
1
+ {"version":3,"file":"google-auth.provider.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/core/providers/google-auth.provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAGxD,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAIrC,qBACa,kBAAmB,SAAQ,gBAAgB;IAMhD,QAAQ,CAAC,UAAU,EAAE,UAAU;IALnC,YAAY,SAAwB;IACpC,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,YAAY,CAA8B;gBAGrC,UAAU,EAAE,UAAU;IAenC;;;;;;OAMG;IACG,QAAQ,CAAC,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,IAAI,GAAG,QAAQ,CAAA;KAAE;;;;;;;;;IA6EpE,iBAAiB,IAAI,MAAM,EAAE;CAGhC"}
@@ -46,48 +46,56 @@ let GoogleAuthProvider = class GoogleAuthProvider extends base_auth_provider_1.B
46
46
  console.error('Google ID Token validation failed:', error);
47
47
  throw new common_1.UnauthorizedException('Invalid Google ID token');
48
48
  }
49
+ // CASE 2: ACCESS TOKEN
49
50
  }
50
51
  else if (type === 'access') {
51
- // CASE 2: Validation via Access Token
52
- // Useful when the client only has an access token (implicit flow or mobile SDKs).
53
52
  try {
54
- // Step 1: Verify the token info to ensure it's valid and for the correct app
53
+ // 1) Basic validation
55
54
  const tokenInfo = await this.client.getTokenInfo(token);
56
- // Optional: Verify audience if needed, though getTokenInfo validates validity
57
- // if (tokenInfo.aud !== this.googleConfig.clientId) { ... }
58
- if (!tokenInfo.email_verified) {
59
- throw new common_1.UnauthorizedException('Google email not verified');
60
- }
61
- // Step 2: Fetch user profile to get standard fields (sub, name, email, picture)
62
- const response = await this.client.request({
63
- url: 'https://www.googleapis.com/oauth2/v3/userinfo',
55
+ // Optional / depends on scopes; don’t *assume* email_verified exists
56
+ // if ((tokenInfo as any).email_verified === false) {
57
+ // throw new UnauthorizedException('Google email not verified');
58
+ // }
59
+ // 2) Fetch profile from userinfo endpoint (use plain fetch/axios)
60
+ const res = await fetch('https://www.googleapis.com/oauth2/v3/userinfo', {
64
61
  headers: {
65
62
  Authorization: `Bearer ${token}`,
66
63
  },
67
64
  });
68
- payload = response.data;
65
+ if (!res.ok) {
66
+ console.error('userinfo error status:', res.status, await res.text());
67
+ throw new common_1.UnauthorizedException('Failed to fetch Google user info');
68
+ }
69
+ const userInfo = (await res.json());
70
+ payload = {
71
+ ...userInfo,
72
+ sub: tokenInfo.sub ?? userInfo.sub,
73
+ email: userInfo.email ?? tokenInfo.email,
74
+ name: userInfo.name,
75
+ picture: userInfo.picture,
76
+ locale: userInfo.locale,
77
+ };
69
78
  }
70
79
  catch (error) {
71
80
  console.error('Google Access Token validation failed:', error);
72
81
  throw new common_1.UnauthorizedException('Invalid Google Access token');
73
82
  }
74
- if (!payload) {
75
- throw new common_1.UnauthorizedException(`Invalid Google ${type} token`);
76
- }
77
- return {
78
- userId: payload.sub,
79
- email: payload.email || '',
80
- metadata: {
81
- name: payload.name,
82
- picture: payload.picture,
83
- locale: payload.locale,
84
- },
85
- };
86
83
  }
87
84
  else {
88
- // CASE 3: No valid credentials provided
89
- throw new common_1.UnauthorizedException('Missing required Google credentials (idToken or accessToken)');
85
+ throw new common_1.UnauthorizedException('Missing or invalid Google token type (id | access) in credentials');
86
+ }
87
+ if (!payload || !payload.sub) {
88
+ throw new common_1.UnauthorizedException(`Invalid Google ${type} token`);
90
89
  }
90
+ return {
91
+ userId: payload.sub,
92
+ email: payload.email || '',
93
+ metadata: {
94
+ name: payload.name,
95
+ picture: payload.picture,
96
+ locale: payload.locale,
97
+ },
98
+ };
91
99
  }
92
100
  getRequiredFields() {
93
101
  return ['token'];
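Review bot: In the `type === 'access'` branch the result of `getTokenInfo(token)` is used without comparing its audience to this application's client ID, so an access token that Google issued to a different OAuth client would, as far as these lines show, still be accepted as a login here. The previous version carried that check only as a comment (which names `this.googleConfig.clientId`) and this version drops it; I would add `if (tokenInfo.aud !== this.googleConfig.clientId) throw new common_1.UnauthorizedException('Google token audience mismatch');` right after the `getTokenInfo` call, in the TypeScript source this file is compiled from. The `email_verified` check is now commented out as well, so the returned `email` may be unverified; rejecting when `tokenInfo.email_verified === false` keeps the tolerance for tokens without that field while refusing an explicitly unverified address. The enclosing method starts above the hunk, so the ID-token branch is only partly visible here.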